Presented by: Mike Quinn
Attendees: 14
Powerpoint: Wi-Fi The Good, the Bad, and the Ugly
PDF: Wi-Fi The Good, the Bad, and the Ugly



Pros:
- Much More Secure (harder to listen in on)
- You know who you’re talking to
Cons:
- You can only talk to 1 person
Examples:
- USB cable between your phone or printer and computer

Pros:
- Easy to use
- Can be used in a point-to-point mode (but everyone can still hear you)
Cons:
- Not secure at all – everybody hears you
- Difficult to be sure who you’re talking to

Pros:
- You can talk to anyone on the network
- Uses routers and switches as the “agents” to switch from 1 point-to-point or broadcast area to another
Cons:
- Can’t be entirely sure of who you’re talking to or who’s listening (at least without “extra” stuff)
- Relies on “truthfulness”

Wi-Fi does not stand for anything – it’s a trademark of the Wi-Fi Alliance
Light (the colors red through violet are immediately after EHF on the chart above)
5G will be in the 600 MHz to 6 GHz area (the same as 4G LTE), but will also add 24-86 GHz in the EHF area in the chart above
Only 5G in the 24-86 GHz will be significantly faster than current 4G LTE
Wi-Fi 1-3 are not widely used anymore
MIMO = Multiple-Input and Multiple-Output (uses multiple antennas for input and output)
MU-MIMO = Multi-User Multiple-Input and Multiple-Output


Guest networks – guests sign on to a different SSID than you use, and they can’t see any of the devices on your home network; they just get access to the internet
Beam-forming – the router increases the power to the proper antenna in the direction of the client device
VPN server – you can use VPN software on your phone or computer to connect to your home network. Most of you probably don’t need this feature, but it’s handy in some instances.
QoS – Quality of Service – good for things like a VoIP phone and streaming, to give them the highest priority, or if you’re a gamer, to give your games high priority
Mesh networks – we’ll talk about those in a future slide

Even in an encrypted environment, even https: and encrypted e-mail can be messed with – someone on the same Wi-Fi can pretend to be your target website or mail server, and if you allow an insecure certificate, you can be fooled (more on this next month).
WPA3 (next generation connection standard) will actually take care of this problem by eliminating these “Man in the middle” attacks (Late-Breaking News: WPA3 has some serious security problems, so it may need to be reworked)

Since 2.4 GHz is unregulated, lots of things use it.

Your body blocks Wi-Fi because water is a good absorber of radio frequencies and you’re mostly water
Routers have to stop transmitting and change channels if they detect a radar signal (DFS)

Using the same SSID for both is usually good – Androids have logic to choose the best throughput that’s supposed to be pretty good. This is especially useful in a house where the 5 GHz gets weak in some of the rooms, so you might want to switch to the 2.4 GHz.
Personally, I’ve found that phones aren’t very aggressive about switching to a better throughput Wi-Fi if they can still talk to the current Wi-Fi, so in my house, we have different SSIDs for 2.4 and 5 GHz so we can force which one we want to connect through. YMMV (Your mileage may vary).

WPS allows you to push a button on your router and have your device immediately connect without entering a password.
The problem is that behind the scenes it uses a randomly generated 7-digit PIN code – a computer can quickly run through the 10 million codes to decrypt your data.
Captive Portal simply means you have to go to a web page and log in in some way, shape, or form before you can use the network.
It’s a bit annoying because if you’re using an email program, it just sits there and can’t use the network until you bring up a browser and try to browse somewhere. Most phones and computers these days are aware of this and will automatically bring up the browser if a captive portal is being used.
Wi-Fi EasyConnect – you scan a QR code on your router, then a QR code on your device, and they’re securely connected. This is very handy for “internet of things” devices – doorbells, door locks, smart lights, etc., where the device only has an interface to a smart phone.

Since a repeater repeats what it hears, it effectively cuts the bandwidth in half.
You can use the same SSID, but most devices won’t switch the channel until the original signal is gone, so if you’re wandering around the house, your performance will drop to almost nothing before the phone will switch. With a separate SSID, you have to manually switch (turning Wi-Fi off and back on will also do it on phones, since they will then choose the strongest signal that the phone knows the password for).

A “backhaul” is just a physical port (usually ethernet) on the extender, so that the extender can forward the data back to the Wi-Fi router via the cable rather than rebroadcasting it.



With WPA2-PSK everybody who logs onto the network can decrypt everybody else’s traffic just by seeing the logon. If they missed the logon, they can forcibly log you out, and when your phone logs back on, they’ll see the new logon.
HTTPS:// adds a second layer of encryption, so the fact that your Wi-Fi packets can be decrypted doesn’t help an eavesdropper. HTTPS:// can only be hacked by a Man in the Middle attack, but that causes the site certificate to be invalid.
VPNs send traffic to someone’s server out in the world, and all your traffic looks like it’s coming from that server. What you send is encrypted. Some secure websites don’t work properly with a VPN (schwab.com is one that comes to mind – I have to shut off my VPN to talk to schwab).
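To show why a shared WPA2-PSK passphrase gives no privacy between users of the same network, here is an added example (not from the presentation) of the standard 802.11i key derivation: the PMK depends only on the passphrase and SSID, and the per-session PTK adds only values (MAC addresses and nonces) that are sent unencrypted during the logon handshake, so anyone who knows the passphrase and saw the handshake arrives at the same keys. The MAC addresses and nonces below are constructed sample values; the passphrase/SSID pair is the published IEEE 802.11i test vector.

```python
import hashlib
import hmac


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-Personal PMK: PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 256 bits).
    Every device given the same passphrase for the same SSID gets this same key."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def wpa2_ptk(pmk: bytes, ap_mac: bytes, client_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """Per-session PTK via the 802.11i PRF-512. Apart from the PMK, every input
    (both MAC addresses, both nonces) is visible in the clear in the 4-way handshake."""
    data = (min(ap_mac, client_mac) + max(ap_mac, client_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    out = b""
    for i in range(4):  # 4 x 160-bit HMAC-SHA1 outputs cover the 512 bits needed
        msg = b"Pairwise key expansion" + b"\x00" + data + bytes([i])
        out += hmac.new(pmk, msg, hashlib.sha1).digest()
    return out[:64]


def temporal_key(ptk: bytes) -> bytes:
    """The TK (bytes 32..47 of the PTK) is what actually encrypts the data frames."""
    return ptk[32:48]


def observer_recovers_tk(passphrase, ssid, ap_mac, client_mac, anonce, snonce) -> bytes:
    """A third party who knows the passphrase and watched the handshake derives the same TK.
    Defence: a layer the PSK cannot unlock (HTTPS, VPN) or per-user credentials (802.1X/WPA3)."""
    return temporal_key(wpa2_ptk(wpa2_pmk(passphrase, ssid), ap_mac, client_mac, anonce, snonce))


def demo() -> dict:
    # Constructed sample handshake values (not captured from any real network).
    passphrase, ssid = "password", "IEEE"  # IEEE 802.11i PMK test vector
    ap_mac = bytes.fromhex("020000000001")
    client_mac = bytes.fromhex("020000000002")
    anonce = bytes(range(32))
    snonce = bytes(range(32, 64))
    client_tk = temporal_key(wpa2_ptk(wpa2_pmk(passphrase, ssid), ap_mac, client_mac, anonce, snonce))
    observer_tk = observer_recovers_tk(passphrase, ssid, ap_mac, client_mac, anonce, snonce)
    return {"pmk": wpa2_pmk(passphrase, ssid).hex(), "keys_match": client_tk == observer_tk}


if __name__ == "__main__":
    print(demo())
```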
We’ll talk more about VPNs next month.

Don’t need to do this if you didn’t enter a password to log on.
Remember, captive portal, where you log in via a web page, has no encryption.

Note the lock icon and the https:// in front of the URL. I just typed google.com – google automatically converted it to https://. Most good websites will do that automatically, but you can force it by manually typing the https://. If they don’t support https://, it won’t bring up the website.
Baidu.com is the Chinese Google. Note they do not switch over to https:// and there’s no lock icon. However, in their case, if you type https://baidu.com, they will use https:// and you’ll get the lock icon.

Don’t continue on to websites that put this kind of dialog up. It means the certificate that’s used by the website cannot validate that they are who they say they are. Sometimes, this is an oversight by the website because the certificate expired (they have to be renewed every few years), but it can also mean that someone is impersonating the website.